Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-327,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cisco | ace30_application_control_engine_module_firmware | 3.0(0)a5(3.0) |
| cisco | adaptive_security_appliance_5520_firmware | 9.1(7.16) |
| cisco | webex_meetings | t31 |
| cavium | nitrox_v_ssl_sdk | * |
| cisco | ace4710_application_control_engine_firmware | 3.0(0)a5(2.0) |
| cavium | nitrox_ssl_sdk | * |
| cisco | ace30_application_control_engine_module_firmware | 3.0(0)a5(3.5) |
| cavium | octeon_sdk | * |
| cisco | ace4710_application_control_engine_firmware | 3.0(0)a5(3.5) |
| cisco | adaptive_security_appliance_5510_firmware | 9.1(7.16) |
| cisco | webex_conect_im | 7.24.1 |
| cisco | ace4710_application_control_engine_firmware | 3.0(0)a5(3.0) |
| cisco | webex_meetings | t32 |
| cisco | adaptive_security_appliance_5505_firmware | 9.1(7.16) |
| cavium | octeon_ssl_sdk | * |
| cisco | adaptive_security_appliance_5540_firmware | 9.1(7.16) |
| cisco | ace30_application_control_engine_module_firmware | 3.0(0)a5(2.0) |
| cisco | adaptive_security_appliance_5550_firmware | 9.1(7.16) |
| cavium | turbossl_sdk | * |